Data Protection and Confidentiality Policy  

S.C. Art Match S.R.L., headquartered in the Town of Chisoda, Township of Giroc, Calea Sagului, Dn. 59, Dept. 4 + 5 and Bld. 6 + 7, Timis County, duly registered with Trade Register Office under the no. J35/1374/1998, T.I.N.: RO 11332587, (hereinafter referred to as S.C. Art Match S.R.L. or the „Company”), collects and processes personal data in strict compliance with the legal provisions applicable in the field of personal data protection and free circulation of such information.

Your right to privacy represents one of our fundamental commitments and therefore we will dedicate all our resources and we will take all necessary steps to process your personal data in strict compliance with the EU Regulation 2016/679 (“General Data Protection Regulation” or “GDPR”) as well as with any other laws and regulations in force in Romania. This declaration of confidentiality will give you an insight about how we handle your personal data and your privacy rights and about how the applicable laws protect your privacy.

Please be advised that the new provisions of General Data Protection Regulation 2016/679 (“GDPR”) became effective and fully applicable as of May 25th 2018. This Regulation applies to you too as it brings about major changes in terms of protection of personal data, both for the clients and the processors and, at the same time, it gives you more rights in this sector. GDPR imposes a unique set for rules that are directly applicable to all EU Member States. Furthermore, GDPR replaces the Directive 95/46/EC and implicitly, the provisions set forth by the Romanian Law no. 677/2001 on the protection of individuals with regard to processing of personal data and free circulation of such data.

S.C. Art Match SRL is fully aware of the paramount importance of your data and therefore expressly commits to protect the confidentiality and security of such data. This is why it is highly important for us to give you a complete, clear and coherent information on how we process personal data of all data subjects (customers, prospective clients, applicants for vacancies within the company, users of our website, etc.).

What are the categories of personal data we are processing?

        1. Identification data (surname, given name, address, telephone, e-mail);

        2. Information about your personal transactions (bank account, card/account number, expiry date and holder’s name, CVC code, or, in the case of our employees: bank account, salary details), which are required when placing an order on-line;

        3. Information regarding the location, image and video recordings of individuals (video images captured by the CCTV system installed both at the company’s premises as well as at the company’s work sites);

        4. Digital personal data, such as the IP addresses of all those who access the company’s online resources, the GPS locations, user name for various applications to which access is granted by means of your browser cookies;

        5. Log in data, technical details including your computer’s IP address, time zone and operating system. We will store your log in information (registration data, date of last change of your password, date of last successful authentication), your browser’s type and version;

        6. The following personal data of our employees will be processed in REVISAL and uploaded in the REGES online portal, in strict compliance with the laws in force:

1. Employee’s full name

2. Citizenship

3. Country of residence

4. Type of ID document

5. Personal Identification Number

6. Series and number of employment record book (if applicable)

7. Employee’s address

8. Status of employment agreement (whether it is active or not)

9. Employment term

10. Number of employment agreement

11. Employee’s position

12. Type of employment agreement;

13. Employment commencing date;

14. Employment termination date;

15. Number under which the .rvs file has been transferred.

        7. Information regarding both the applicants’ or our employees’ education and professional background (education and training history, qualifications, certifications).

Personal data are used for the following purposes:

The Company collects and processes your personal data to:

        1. Create and handle your account opened on website;

        2. Enter into, carry out and terminate your employment contract as well as any addendum(a) thereto;

        3. Process your orders;

        4. Issue invoices and to collect the prices of the services you have ordered and to facilitate all online payments;

        5. Deal with cancellations or any other issues (irrespective of nature thereof) raised in relation to an order and/or products that have been purchased;

        6. Return products and refund the value of products, in strict compliance with the legal provisions in force;

        7. Conduct customer satisfaction surveys and draft statistics aimed at improving the quality of our products and services;

        8. Provide updates, regular newsletters, to grant loyalty benefits and to continuously improve the quality of products and services we provide (newsletters, news alerts, promotional ads, information on new products), exclusively based on your freely given consent;

        9. Enter into, carry out and terminate your individual employment contract as well as any addendum(a) thereto;

        10. Comply with our legal obligation to enter your personal data in REVISAL and REGES;

        11. Discharge other legal obligations and duties we have undertaken;

        12. Settle any potential litigations submitted to be settled by the competent law courts (national or international common law courts or arbitration tribunals);

        13. Draft and present internal reports;

        14. Submit notifications or reports to competent public or governmental authorities or agencies;

        15. Evaluate your Resume should you apply for a vacancy or change your position or if you are promoted to a higher position;

        16. Your bank account data is collected in order to transfer your salary entitlements while the information regarding your salary and other monetary entitlements is processed in order to discharge our legal obligations (including without limitation to the cases when a creditor imposes a distraint on your salary and our company acts as a garnishee)

The personal data of data subjects appearing on the images captured by our CCTV systems will be processed to:

  • Provide, ensure and guarantee the protection and security of individuals, personal effects and belongings, real estate property and equipment belonging to or used by the company, as well as to safeguard and protect the surrounding areas;

Therefore, the Company aims to achieve the following objectives by means of the CCTV security recording system:

        1. ensuring that the company's premises is properly protected and secured;

        2. prevention and identification of acts or attempts of theft, destruction, removal or stealing of goods or employees' personal belongings, acts of assault and battery as well as other offences;

        3. documentation of possible labor accidents or incidents;

        4. remote control of the state and condition of the company's premises in case of fire or intrusion or break-in;

        5. checking all unauthorized exits from / entries into the company's premises;

        6. checking any potential serious disciplinary offenses,

        7. making sure that the employees' right to defence is strictly observed, particularly in the case of investigating potential disciplinary misconduct, especially in the event of unfounded and malicious claims submitted by other employees or clients / suppliers of the company. In such cases, the data subject is entitled to request access to all video recordings in order to exercise his/her right to defence, regardless of the severity of the claimed disciplinary offense.

Collection and processing of your personal data, within the context of the scope and purposes outlined above, are based on the following legal grounds:

        1. entering into and execution of individual employment contracts or services supply agreements (data is collected and processed even from the pre-contractual phase), as well as building and consolidation of a business relationship between you and the company, in the event of purchasing a product from our website;

        2. a legal obligation of the company, as prescribed by the applicable laws;

        3. your consent;

        4. Company’s legitimate interest(s).

Categories of recipients who may receive any personal data we have collected:

        1. Governmental authorities (including without limitation to labour or tax authorities, governmental agencies with jurisdiction and competence in criminal matters), as a result of a legal obligation undertaken by the Company;

        2. Suppliers directly/indirectly involved in the company’s business, as a result of their activities in connection with or related to the Company (couriers, financial/banking services providers);

        3. Company’s partners;

        4. Public institutions, regulatory or governmental agencies, if the applicable laws impose so;

        5. Company’s employees, as required by the Company’s business;

        6. Law courts or arbitral tribunals, notaries public, solicitors, court enforcement officers, chartered accountants, translation agencies, other authorised service providers, appraisers, where the processing is needed to satisfy the legitimate interests of either the controller or a third party;

        7. Payment processor in charge of facilitating the online sales on the company’s website (, provided that a confidentiality agreement has been entered into, under which the payment processor represents and guarantees that such data is properly and securely kept and that the disclosure thereof is made in strict compliance with the rules and regulations in force;

Transfer of personal data to an EU/EEA country or to a third country outside the EEA;

Generally, the Company will not transfer your personal data to other companies outside the country. However, unless it is strictly necessary to fulfil the objectives defined above, the Company may transfer your personal data to other companies outside the European Union and the European Economic Area. We will always take all necessary steps to make sure that any international transfer of personal data is carefully managed in order to protect your rights and interests.

In particular, and only if applicable, the Company may transfer your personal data to the following companies outside the country:

ART MATCH Hungária Kft. Head office, office,

warehouse: Kagyló utca 1-3., Magyarország 2092, Budakeszi

ARTMATCH Deutschland GmbH Address: Raiffeisenring 15, D-46395 Bocholt, Germany

ART MATCH d.o.o. Beograd Head office, office,

warehouse: Bulevar Arsenija Čarnojevića 203/3, 11070 Novi Beograd

For transfers to non-EU / EEA countries, the Company will continuously take all necessary measures to provide an adequate level of protection of personal data, similar to that provided by the European legislation. These measures also include the conclusion of standard contractual terms duly endorsed and acknowledged at the European level.

Personal Data Storage

Personal data will be processed at least over the entire validity term of the agreement as well as afterwards, over a period of time needed by any of the parties to discharge its contractual duties. You may at any time request us to either delete some of your information or to close your account and we will promptly respond to such requests, provided that where the applicable laws or our legitimate interests require, some of this data is kept even after closing the account.

Your rights in respect to your personal data

With regard to processing of personal data under the conditions set forth by the European General Data Protection 679/2016, you may at any time exercise any of the following rights:

(1) Right of access to personal data;

(2) Right to rectification;

(3) Right to erasure or the “right to be forgotten”

(4) Right to withdraw your consent;

(5) Right to restriction of processing;

(6) Right to data portability;

(7) Right to object;

(8) Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects in relation to you, as data subject, or which significantly affects you;

(9) Right to lodge a complaint with us or with the supervisory authority (

(10) Right to seek judicial remedy.

Company’s duties and responsibilities:

Our company, as data controller, shall see that all personal data:

        - is processed lawfully, fairly and in a transparent manner in relation to data subject(s);

        - is collected and processed for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

        - is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed (‘data minimization’);

        - is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

        - is processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage;

        - It is the data controller’s duty to implement appropriate technical and organisational measures intended to guarantee and prove that processing of personal data is conducted in strict compliance with GDPR. Such measures shall be regularly reviewed and updated;

        - Data controller shall make sure that all its subcontractors have implemented and adhered to the provisions set forth by the EU Regulation 679/2016.


In light of the EU Regulation (GDPR), the parties have agreed upon the following definitions:

a) “Personal data”:  means any information (any sequence or series of characters, letters, signs and digits) relating to an identified or identifiable natural person (hereinafter referred to as ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, etc.;

b) “Recipient”:  natural or legal persons or representatives of legal entities, employees, candidates, representatives of suppliers (legal entities), users of our website;

c) „controller”: represents ART MATCH S.R.L which determines the purposes and means used to process personal data;

d) „processor”:  ART MATCH SRL

e) „Subcontractor”: any third party organisation with whom ART MATCH SRL maintains a business relationship;

f) „personal data processing”: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means applied to all personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction thereof;

g) “personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed

You can contact us:

        - via e-mail – at the following address:;

        - personally – at any of our work sites or at the company’s premises;

        - by mail, to the following address: Chisoda, Township of Giroc, Calea Sagului, Dn. 59, Compartimentul 4 + 5 and Corpul 6 + 7. Timis County;

        - by phone – telephone number: +4 0256 305000

Update of this Confidentiality Policy regarding collection and processing of personal data

This document is subject to regular revisions. For more information on changes, amendments and supplements to this policy, please access our website to see the latest version thereof.

At the same time, please be advised that further details on our Confidentiality Policy may be found by consulting the following documents: INTERNAL PROCEDURES for compliance with the Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (hereinafter referred to as "the Regulation", "GDPR") and INTERNAL PROCEDURES processing your personal data by using video surveillance, which you can directly request and which will be communicated by email, within 2 days of filing the application.